Security Researchers Sued For Exposing Internet Filtering Company's Sale Of Censorship Software To Blacklisted Country

from the 'you're-making-us-look-bad'-said-company-caught-looking-bad dept

Nothing says "Please stop keep talking about the bad stuff we do" quite like a bogus defamation lawsuit. Citizen Lab, which has reported on a great number of tech companies that are less than discriminating in their selection of customers (think Hacking Team), has been served with a lawsuit by a purveyor of internet censorship software.

On January 20, 2016, Netsweeper Inc., a Canadian Internet filtering technology service provider, filed a defamation suit with the Ontario Superior Court of Justice. The University of Toronto and myself were named as the defendants. The lawsuit in question pertained to an October 2015 report of the Citizen Lab, “Information Controls during Military Operations: The case of Yemen during the 2015 political and armed conflict,” and related comments to the media. Netsweeper sought $3,000,000.00 in general damages; $500,000.00 in aggravated damages; and an “unascertained” amount for “special damages.”

Netsweeper apparently was less than amused by Citizen Lab's insistence on reporting facts, including the nasty one about it supplying internet filtering software to a country whose government has been blacklisted by the United Nations. You know, things like this:

The research confirms that Internet filtering products sold by the Canadian company Netsweeper have been installed on and are presently in operation in the state-owned and operated ISP YemenNet, the most utilized ISP in the country.

Netsweeper products are being used to filter critical political content, independent media websites, and all URLs belonging to the Israeli (.il) top-level domain.

These new categories of censorship are being implemented by YemenNet, which is presently under the control of the Houthis (an armed rebel group, certain leaders and allies of which are targeted by United Nations Security Council sanctions).

Netsweeper was given a chance to defend itself against Citizen Lab's allegations before the report was made public.

We sent a letter by email directly to Netsweeper on October 9, 2015. In that letter we informed Netsweeper of our findings, and presented a list of questions. We noted: “We plan to publish a report reflecting our research on October 20, 2015. We would appreciate a response to this letter from your company as soon as possible, which we commit to publish in full alongside our research report.”

Netsweeper never replied.

Rather than meet the situation head on, Netsweeper chose to hang back and lob a lawsuit at Citizen Lab after it published its report. Fortunately for the security researchers, Netsweeper has chosen to drop its lawsuit entirely, possibly because pursuing the questionable defamation claims would have put it up against Ontarios's version of anti-SLAPP laws: the Protection of Public Participation Act.

The world of security research is still a dangerous place. When researchers aren't being arrested for reporting on their findings, they're being sued for exposing security flaws and highly-questionable behavior. It's a shame there aren't more built-in protections for researchers, who tend to receive a lot of legal heat just for doing their job.

Filed Under: canada, censorship, citizen lab, filtering, software, yemen
Companies: citizen lab, netsweeper

Hacking Team Hacked: Documents Show Company Sold Exploits And Spyware To UN-Blacklisted Governments

from the I-would-imagine-there-are-plenty-of-new-openings-on-its-appointment-calendar dept

Hacking Team -- purveyor of exploits and spyware to a variety of government agencies all over the world -- has been hacked. Late Sunday night, its Twitter account name was changed to "Hacked Team" and its bio to read:

Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.

Whoever's behind this (no group has claimed responsibility yet) has repurposed the official Hacking Team Twitter feed to send out screenshots of incriminating information it/they have uncovered. For those who want to take a look themselves, the liberated documents can be torrented. Here are two places the torrent file can be picked up. (CAUTION: Actual file is 400 GB, so use a robust client and check your drive[s] for free space…) [And, if those go down, I've also stashed the torrent file here.]

What has been exposed so far shows Hacking Team has been lying about its business partners. It claims to only sell to NATO partners and blacklists oppressive governments. But its "Customer" Wiki appears to show that it counts such countries as Kazakhstan, Sudan, Russia, Saudi Arabia, Egypt and Malaysia as partners.

Screenshots of emails accessed by Hacking Team's hackers show the company circumventing local regulations and restrictions on the export of exploits and spyware by using third-party resellers.

If you can't see/read the screenshot, here's the pertinent information. The email subject is "Remote Control Davinci System Into Nigeria." Underneath that is the proposed third-party process for sneaking Hacking Team's "Davinci" past import/export restrictions:

Commissions and meeting:

Being an Italian company, we are following the guidelines of our exterior ministry.

Understanding that this is an uncommon circumstance, this is what we are proposing:

HackingTeam will sell directly to your company and then TunsmosPetroleum will add its own mark up. The price you will purchase from us will include a discount on the list price as a compensation for the 1st meeting/demo in Milan and the training (in Milan as well) after the sale.

Other screenshots further confirm Hacking Team's efforts in forbidden markets. One shows the company dealing with a "Sudan Citizen Lab request," suggesting its end user(s) are uncomfortable with the investigative activities CL is performing.

ACLU technologist Chris Soghoian has taken a look at the files and uncovered even more incriminating information, including Hacking Team's stonewalling of a UN investigation into its sales in Sudan. This investigation is the direct result of Citizen Lab's investigative work. According to the files viewed by Soghoian, Hacking Team has denied any "current sales relationship" with Sudan, at least in terms of selling the sort of weaponized software forbidden by multiple treaties and UN resolutions. It claimed the software isn't weaponized tech. The UN disagreed.

Your letter 1029 of 13 March 2015 also stated that the company did not consider the Remote Control Software to be a weapon, and therefore fell outside the parameters of the sanctions regime. The view of the Panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of "military… equipment" or "assistance" related to prohibited items…

There's still plenty more to be uncovered in the document dump. Soghoian has already uncovered a spreadsheet listing every government customer, along with revenue to date.

Whatever happens from here on out should prove very interesting. Hacking Team is in for the longest Monday ever.

Filed Under: citizen lab, governments, hacking team, hacking tools, sudan, un
Companies: hacking team